diff --git a/dmz/internalproxy/templates/s3.yaml b/dmz/internalproxy/templates/s3.yaml
index 5fb2506..278686d 100644
--- a/dmz/internalproxy/templates/s3.yaml
+++ b/dmz/internalproxy/templates/s3.yaml
@@ -61,3 +61,49 @@ spec:
   commonName: "s3.internal.durp.info"
   dnsNames:
     - "s3.internal.durp.info"
+    -
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: s3-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`s3.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: s3
+          port: 9768
+          scheme: http
+  tls:
+    secretName: s3-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: s3-tls
+spec:
+  secretName: s3-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "s3.durp.info"
+  dnsNames:
+    - "s3.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: s3-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: s3.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info